During our regular security audit for CES, we noticed that some Cisco Secure Email Cloud Gateway customers are using port 3268 or 389 for LDAP sessions. By default, traffic on these ports is not encrypted or authenticated, which leaves you vulnerable to man-in-the-middle attacks.
What is a Man in the Middle Attack?
A Man-In-The-Middle (MiTM) is an attacker or observer positioned between the protocol client and the protocol server.
A Man-In-The-Middle attacker is typically trying to impersonate the protocol client or the protocol server.
Secure (SSL/TLS) connections are the method used to prevent Man-In-The-Middle attacks: the client verifies the server's certificate, and the session is encrypted so it cannot be read or altered in transit.
We request that you change your LDAP ports to 3269/636 ASAP!
Examples of Active Directory/LDAP ports
Most Active Directory servers use the following ports:
- port 3268
- port 3269 (SSL)
Most OpenLDAP servers use the following ports:
- port 389
- port 636 (SSL)
NON-SECURE PORT CLOSURE DATE IS JULY 29, 2022
We suggest you take this task as a high priority for better security!
Cisco Secure Email Cloud Gateway Ops will be closing ports 3268 and 389 for LDAP on July 29, 2022.
- From your ESA UI, click on System Administration > LDAP
- In the LDAP Server Profiles section, click on your configured Server Profile
- In Server Attributes, review the configuration and the Port in use
If you are currently using port 3268 or port 389, please work with your LDAP administrator and ensure that port 3269 or port 636 is open and available on your LDAP host.
- Replace the port you have configured with the updated port: 3268 > 3269 or 389 > 636
- Select the "Use SSL" option under Connection Protocol
- Click the Test Server(s) button in the Server Attributes section
- If your test is successful, scroll to the bottom of the page and click Submit
You may also wish to scroll through your LDAP configuration and run Test Query for enabled queries.
- From the upper-right corner of the UI, click Commit Changes and complete the configuration change at this point on the Gateway
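The following is an added example (not Cisco's code and not part of the ESA product) showing how an administrator could audit exported LDAP server profile settings against the port guidance above, and then confirm that the LDAPS port actually presents a certificate that chains to a trusted CA before the cutover. The `LdapProfile` structure, the host names and the profile values are constructed for illustration; the TLS check uses only the Python standard library and performs the same certificate and hostname verification a correctly configured client would, which is what defeats a man-in-the-middle.

```python
"""Audit ESA-style LDAP server profiles for the plaintext ports named in the
advisory and verify that the recommended LDAPS port is actually serving TLS.
Standard library only."""
import socket
import ssl
import sys
from dataclasses import dataclass
from typing import Optional

# Plaintext port -> SSL port, exactly as listed in the advisory.
SECURE_PORT_FOR = {3268: 3269, 389: 636}
SECURE_PORTS = set(SECURE_PORT_FOR.values())


@dataclass
class LdapProfile:
    """Hypothetical stand-in for an ESA LDAP Server Profile (constructed)."""
    name: str
    host: str
    port: int
    use_ssl: bool


def audit_profile(profile: LdapProfile) -> dict:
    """Return findings plus the port/SSL setting the profile should end up with."""
    findings = []
    if profile.port in SECURE_PORT_FOR:
        recommended_port = SECURE_PORT_FOR[profile.port]
        findings.append(
            f"plaintext LDAP port {profile.port}; change to {recommended_port} and enable Use SSL"
        )
    elif profile.port in SECURE_PORTS:
        recommended_port = profile.port
        if not profile.use_ssl:
            findings.append('"Use SSL" is not enabled although an SSL port is configured')
    else:
        recommended_port = profile.port
        findings.append(f"non-standard port {profile.port}; confirm with your LDAP administrator")
    return {
        "name": profile.name,
        "host": profile.host,
        "recommended_port": recommended_port,
        "use_ssl": True,
        "findings": findings,
        "compliant": not findings,
    }


def verify_ldaps(host: str, port: int, cafile: Optional[str] = None, timeout: float = 5.0) -> dict:
    """Open a TLS connection to host:port with full chain and hostname verification.

    A server presenting an untrusted or mismatched certificate (which is what a
    man-in-the-middle would have to do) raises ssl.SSLCertVerificationError.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "protocol": tls.version(),
                "cipher": tls.cipher()[0],
                "subject": dict(rdn[0] for rdn in cert["subject"]),
                "not_after": cert["notAfter"],
            }


if __name__ == "__main__":
    # Constructed sample profiles resembling what an ESA LDAP page might hold.
    profiles = [
        LdapProfile("corp-ad", "ad.example.test", 3268, False),
        LdapProfile("openldap", "ldap.example.test", 389, False),
        LdapProfile("already-ok", "ad2.example.test", 3269, True),
    ]
    for p in profiles:
        result = audit_profile(p)
        status = "OK" if result["compliant"] else "FIX"
        print(f"[{status}] {p.name}: {p.host}:{p.port} -> port {result['recommended_port']}, Use SSL")
        for f in result["findings"]:
            print(f"       - {f}")
    # Optional live check: python audit_ldap.py <host> <port> [cafile]
    if len(sys.argv) >= 3:
        cafile = sys.argv[3] if len(sys.argv) > 3 else None
        print(verify_ldaps(sys.argv[1], int(sys.argv[2]), cafile))
```

Run the audit first against the values shown in Server Attributes; then, once your LDAP administrator has opened the SSL port, run the live check with the CA file your directory uses so that the "Test Server(s)" step is not the first time the certificate chain is exercised.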
If you have any urgent questions about this maintenance or the possible impact, please contact Cisco TAC.